Links

Crowdstrike Integration

Steps to Integrate

Step 1: Create a Webhook

  • Visit the Webhooks page in Binalyze AIR,
  • Click the "+ New Webhook" button in the upper right corner,
  • Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),
  • Select "Crowd Strike Webhook Parser" as the parser for this webhook,
  • Select an Acquisition Profile,
  • Provide other settings such as Evidence Repository, CPU Limit, Compression & Encryption to use or let AIR configure them automatically based on the matching policy.
  • Click the "Save" button,
  • Hover your mouse over the link below the Webhook name and double-click to copy

Step 2: Configure Crowdstrike

  • Go to Crowdstrike Store, find the Webhook Plugin, and open it.
  • Click Configure, and fill in the blanks
    • Name: Give an explanatory name
    • Webhook URL: Paste the webhook you created earlier,
    • Click Notify On Configuration Failure and save the configuration.
  • Go to Fusion workflow,
  • Create a workflow or use an existing one,
  • Create a trigger, Add action
  • Choose action type: Notification
  • Choose the webhook name you created in the second step
  • Add Sensor Hostname to Data to Include
Save and exit.